Curling is a retired vulnerable Linux machine available from HackTheBox. The machine maker is L4mpje, thank you. It has an Easy difficulty with a rating of 4.4 out of 10. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. The goal is to obtain root shell together with both user & […]
I was looking for a way to pass through GPU acceleration to virtual machines for some processing tasks. However, most methods (such as DDA or VMware ESXi) requires specific server hardware, server hypervisor OS, support CPU & motherboard firmware. Sadly, I don’t have matching specification to use those methods. Then I come across RemoteFX. While […]
Remote is a retired vulnerable Windows machine available from HackTheBox. The machine maker is mrb3n, thank you. It has an Easy difficulty with a rating of 4.7 out of 10. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. No automated tools are needed. The goal is to obtain root shell […]
My build: Ryzen 7 3700X Build with Asus TUF Gaming X570-Plus While the RGB lights in my PC build add beautiful lighting effects to the computer, there are time and situation when you don’t want those flashy RGB lights. In my case, my PC build is used as a work machine, not a gaming machine. […]
My last PC build was an Intel i7-4770K with Asus Z87-Plus. It serves me well for many years. But has recently been giving me different issues. It’s about time to build another one before it runs out on me. The AMD 3rd GEN seems very promising so this time I would like to try out […]
Jarvis is a retired vulnerable machine available from HackTheBox. The machine maker is manulqwerty & Ghostpp7, thank you. It has a Medium difficulty with a rating of 4.9 out of 10. I think it’s somewhat between easy & medium. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. The goal is […]
Typically in AWS environment, we use CodePipeline as the orchestrator to build, test and deploy our application/service. But in some scenario such as deploying static websites, we may just need to achieve simple continuous deployment. In these cases, we don’t need the full blown deployment pipeline for staging and approval process. We can simply use […]
Mirai is a retired vulnerable machine available from HackTheBox. The machine maker is Arrexel, thank you. It is a pretty easy machine with a difficulty rating of 3.7 out of 10. No automated tools are required to solve the machine. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. The goal […]
Next.js is the React Framework that helps deploying a static website or dynamic website with server side rendering. This post will illustrates how to host a simple React application on AWS S3 using Next.js framework. Node.js is required. Setup Next.js project npm init next-app This command will ask couple simple questions including project name & […]
AWS File gateway, running as a VM server locally, can act as a NFS or SMB file share to actually store your files at AWS S3. Your on-premise machines can then connect and mount the file share to access data stored at S3 as if they are available locally. This can be a great first […]
The post looks at some options moving forward for developing applications using React/Angular/Vue with ASP.NET Core. Each option has it’s own advantage and short comings depending on the application requirements. SpaServices & NodeServices going away SpaServices and NodeServices become deprecated, starting at .NET Core 3.1. And they will be removed when .NET 5 arrives. .NET […]
Exploitation Summary Initial Exploitation Vulnerability: SQL Injection vulnerability of CMS Made Easy Explanation: CMS Made Easy version 2.2.9.1 has a SQL Injection vulnerability that results in exposure to login id and password hash Privilege Escalation Vulnerability: Hijack Command Execution by Path Interception Explanation: A writable bin folder exists in the execution search PATH and is […]
There are different ways to transfer installation files or VMs over to ESXi server. You can do it over the network or you can do it using USB. Although ESXi server does not directly support file transfer through USB, there are steps we can do to achieve that. We will be going over the a […]
CDK stands for Cloud Development Kit. It defines cloud infrastructure in code and provisions resources through AWS CloudFormation. This post will demonstrate how to setup and execute a simple CDK application to create a AWS S3 Static Website. Prerequisites Node.js >= 10.3.0 Python 3 configured AWS CLI with read/write access to S3 service Install AWS […]
Exploitation Summary Initial Exploitation Vulnerability: Backdoor Command Execution of UnrealIRCD Explanation: A malicious backdoor was added to UnrealIRCD version 3.2.8.1 Privilege Escalation Vulnerability: suid executable viewuser Explanation: It can execute as root and is looking for another command to execute in which we can exploit Enumeration nmap -p- -A -T4 10.10.10.117 TCP 22: OpenSSH 6.7p1 […]
Gatsby is a free and open source framework based on React that helps developers build blazing fast websites and apps. It achieves high performance by generating static files for your React application. This post will illustrates how to host a simple React application on AWS S3 using Gatsby framework. Node.js is required. Setup Gatsby First install the gatsby […]
AWS Route 53 is a highly available DNS service offered by Amazon. It also serves as domain registrar where you can register and manage your domain registration. It’s competitive and reliable. The post illustrates how to transfer a domain registration to Route 53 if you want to use it to manage your domains. Step 1: […]
We discussed how to view PDF files more safely a while back. Most of the time we only need to read PDF files. But once in a while, we want to combine pages from different PDF files into a single PDF file. There are quite a bunch of websites that offer merging PDF files online. […]
Fact: Simply opening an infected PDF file can get your device compromised. Need: to open PDF files more safely. PDF probably is the most commonly used format to facilitate exchange of electronic copy of documents. We share content using PDFs all over the web, through emails. And we receive our statements, bills, invoices from our providers. […]
Curling is a retired vulnerable Linux machine available from HackTheBox. The machine maker is L4mpje, thank you. It has an Easy difficulty with a rating of 4.4 out of 10. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. The goal is to obtain root shell together with both user & […]
I was looking for a way to pass through GPU acceleration to virtual machines for some processing tasks. However, most methods (such as DDA or VMware ESXi) requires specific server hardware, server hypervisor OS, support CPU & motherboard firmware. Sadly, I don’t have matching specification to use those methods. Then I come across RemoteFX. While […]
Remote is a retired vulnerable Windows machine available from HackTheBox. The machine maker is mrb3n, thank you. It has an Easy difficulty with a rating of 4.7 out of 10. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. No automated tools are needed. The goal is to obtain root shell […]
My build: Ryzen 7 3700X Build with Asus TUF Gaming X570-Plus While the RGB lights in my PC build add beautiful lighting effects to the computer, there are time and situation when you don’t want those flashy RGB lights. In my case, my PC build is used as a work machine, not a gaming machine. […]
Jarvis is a retired vulnerable machine available from HackTheBox. The machine maker is manulqwerty & Ghostpp7, thank you. It has a Medium difficulty with a rating of 4.9 out of 10. I think it’s somewhat between easy & medium. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. The goal is […]
Typically in AWS environment, we use CodePipeline as the orchestrator to build, test and deploy our application/service. But in some scenario such as deploying static websites, we may just need to achieve simple continuous deployment. In these cases, we don’t need the full blown deployment pipeline for staging and approval process. We can simply use […]
Mirai is a retired vulnerable machine available from HackTheBox. The machine maker is Arrexel, thank you. It is a pretty easy machine with a difficulty rating of 3.7 out of 10. No automated tools are required to solve the machine. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. The goal […]
Next.js is the React Framework that helps deploying a static website or dynamic website with server side rendering. This post will illustrates how to host a simple React application on AWS S3 using Next.js framework. Node.js is required. Setup Next.js project npm init next-app This command will ask couple simple questions including project name & […]
AWS File gateway, running as a VM server locally, can act as a NFS or SMB file share to actually store your files at AWS S3. Your on-premise machines can then connect and mount the file share to access data stored at S3 as if they are available locally. This can be a great first […]
Exploitation Summary Initial Exploitation Vulnerability: SQL Injection vulnerability of CMS Made Easy Explanation: CMS Made Easy version 2.2.9.1 has a SQL Injection vulnerability that results in exposure to login id and password hash Privilege Escalation Vulnerability: Hijack Command Execution by Path Interception Explanation: A writable bin folder exists in the execution search PATH and is […]
There are different ways to transfer installation files or VMs over to ESXi server. You can do it over the network or you can do it using USB. Although ESXi server does not directly support file transfer through USB, there are steps we can do to achieve that. We will be going over the a […]
CDK stands for Cloud Development Kit. It defines cloud infrastructure in code and provisions resources through AWS CloudFormation. This post will demonstrate how to setup and execute a simple CDK application to create a AWS S3 Static Website. Prerequisites Node.js >= 10.3.0 Python 3 configured AWS CLI with read/write access to S3 service Install AWS […]
Exploitation Summary Initial Exploitation Vulnerability: Backdoor Command Execution of UnrealIRCD Explanation: A malicious backdoor was added to UnrealIRCD version 3.2.8.1 Privilege Escalation Vulnerability: suid executable viewuser Explanation: It can execute as root and is looking for another command to execute in which we can exploit Enumeration nmap -p- -A -T4 10.10.10.117 TCP 22: OpenSSH 6.7p1 […]
Gatsby is a free and open source framework based on React that helps developers build blazing fast websites and apps. It achieves high performance by generating static files for your React application. This post will illustrates how to host a simple React application on AWS S3 using Gatsby framework. Node.js is required. Setup Gatsby First install the gatsby […]
AWS Route 53 is a highly available DNS service offered by Amazon. It also serves as domain registrar where you can register and manage your domain registration. It’s competitive and reliable. The post illustrates how to transfer a domain registration to Route 53 if you want to use it to manage your domains. Step 1: […]
Exploitation Summary Initial Exploitation Vulnerability: Remote code execution via Magento Explanation: Magento has couple remote code execution vulnerabilities allowing admin account creation and then code execution through admin account Privilege Escalation Vulnerability: sudo vi capability Explanation: shell can be obtained through vi Enumeration nmap -p- -A -T4 10.10.10.140 TCP 22: OpenSSH 7.2p2 Ubuntu TCP 80: […]